LDAP schema used by autofs

Overview#

There are three LDAP Schemas that can be used for storing autofs data in LDAP.

They do not differ in semantics the way the RFC2307 and RFC2307bis schemas differ in the member/memberUid attribute. The schemas differ mostly in attribute and objectClass naming and in how the DNs are constructed; the DNs themselves are not used by the *NIX client.

SSSD should convert the data into a cache-specific schema. That cache-specific schema will be based on the RFC2307bis automounter schema, which is by far the most widely used one.

Each of the schemas defines objectClass names for the map and the entry, an attribute name for the map name (used by the map object), and key and value attribute names (used by the map entry).

An example of the RFC2307bis LDAP schema, showing an entry for /home/foo reached through the master map:

dn: automountMapName=auto.master,dc=example,dc=com
objectClass: top
objectClass: automountMap
automountMapName: auto.master

dn: automountKey=/home,automountMapName=auto.master,dc=example,dc=com
objectClass: automount
cn: /home
automountKey: /home
automountInformation: auto.home

dn: automountMapName=auto.home,dc=example,dc=com
objectClass: automountMap
automountMapName: auto.home

dn: automountKey=foo,automountMapName=auto.home,dc=example,dc=com
objectClass: automount
automountKey: foo
automountInformation: filer.example.com:/export/foo

Most, if not all, of the autofs documentation describes the naming schema as per RFC2307bis, but it is technically possible to use autofs objects created according to RFC2307bis together with user/group objects created according to plain RFC 2307 in the same DIT. Because the schemas differ only in attribute naming, not semantically, it is trivial to override the schema in the config file.

One difference between file-system entries and entries in LDAP is that the cn attribute is case-insensitive, unlike key names, which are essentially directory names. This seems to be one of the reasons the RFC2307bis schema was adopted.

In nsswitch.conf the automounter source is ldap (there is no /etc/auto.master file).

Sample LDIF for the auto.master and auto.home entries:

dn: ou=auto.master, dc=mydom,dc=com
ou: auto.master
objectClass: top
objectClass: automountMap

dn: cn=/home,ou=auto.master, dc=mydom,dc=com
objectClass: automount
automountInformation: ldap:host.mydom.com:ou=auto.home,dc=mydom,dc=com --timeout 60
cn: /home

dn: ou=auto.home, dc=mydom,dc=com
ou: auto.home
objectClass: top
objectClass: organizationalUnit

dn: cn=user1,ou=auto.home, dc=mydom,dc=com
objectClass: automount
automountInformation: -rw,hard,intr host:/export/home/user1
cn: user1

In this scenario, when the automounter starts, it parses the nsswitch.conf file. Since the automounter entry there names LDAP, it searches the base DN specified in /etc/ldap.conf for objects of objectClass automount under ou=auto.master and uses their automountInformation values as pointers to the rest of the mount information, as in the example LDIF above.

Automounts become a DIT structure similar to:

dc=com
|--dc=willeke
|---ou=Unix
|----automountMapName=auto_direct
|-----automountKey=/mnt_direct/test1
|-----automountKey=/mnt_direct/test2

The nisObject Automount RFC2307 Schema#

The nisObject automount schema defines nisMap and nisObject structures to represent the AutoFS maps and their entries. The AutoFS maps are stored in the LDAP directory server using the nisMap and nisObject structures.

An Example#

The following shows an example of a direct AutoFS map, auto_direct, stored in the LDAP directory server using the nisObject automount schema:

dn: nisMapName=auto_direct,dc=nishpind
objectClass: top
objectClass: nisMap
nisMapName: auto_direct

dn: cn=/mnt_direct/test1, nisMapName=auto_direct, dc=nishpind
objectClass: top
objectClass: nisObject
nisMapName: auto_direct
cn: /mnt_direct/test1
nisMapEntry: hostA:/tmp

dn: cn=/mnt_direct/test2, nisMapName=auto_direct, dc=nishpind
objectClass: top
objectClass: nisObject
nisMapName: auto_direct
cn: /mnt_direct/test2
nisMapEntry: hostB:/tmp

Limitations#

The nisObject automount schema contains three attributes:
  • cn
  • nisMapEntry
  • nisMapName

cn is a case-insensitive attribute (its matching rule ignores case). Consider the following example:

# an indirect map named auto_test
test1    server1:/source
TEST1    server2:/source

In the above example, because the cn attribute is case-insensitive, LDAP considers the entries
  • cn=TEST1, nisMapName=auto_test
  • cn=test1, nisMapName=auto_test
to be the same.

Using the nisObject automount map schema, capital letters are not significant. In other words, if two keys have names that differ only in the use of capital letters, one of those entries is rendered inoperable, because the other is the only one that can be retrieved. NOTE: If you use the nisObject automount map schema, do not use keys that differ from other keys only by capitalisation.
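The following Python script is an added example, not code from this wiki page, from SSSD or from autofs. It shows the point made in the Overview and in Limitations together: it reads LDIF written in any of the three naming schemas described above, reduces each entry to one map-name/key/value form (the "cache-specific schema" idea), and then reports keys that collide because they are stored in the case-insensitive cn attribute. The schema table is built from the attribute and objectClass names given on this page; the LDIF input is constructed for the example; the function names (parse_ldif, split_dn, normalise, find_case_collisions, build_maps) are the example's own; and treating automountKey as case-exact is an assumption taken from the RFC2307bis draft definition rather than something the page states.

```python
import re
from collections import defaultdict

# Per schema on the page: (entry objectClass, map-name attr, key attr, value attr),
# all lower-cased.  The map name is carried on the entry itself (nisObject) or
# taken from the parent RDN of the entry's DN (automountMapName=... / ou=...).
SCHEMAS = {
    "rfc2307bis": ("automount", "automountmapname", "automountkey", "automountinformation"),
    "ou-cn": ("automount", "ou", "cn", "automountinformation"),
    "nisObject": ("nisobject", "nismapname", "cn", "nismapentry"),
}
# cn matches case-insensitively (as the page states); automountKey is treated as
# case-exact here, an assumption based on the RFC2307bis draft definition.
CASE_INSENSITIVE_KEYS = {"cn"}


def parse_ldif(text):
    """Minimal LDIF reader: list of {attr: [values]} per record, attrs lower-cased.
    Accepts 'attr: value' and 'attr:value', folds continuation lines, and rejects
    base64 (::) or URL (:<) values, which this example does not need."""
    records, rec, last = [], None, None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if not raw.strip():                  # blank line ends a record
            if rec:
                records.append(rec)
            rec, last = None, None
        elif raw.startswith(" ") and last:   # folded continuation line
            rec[last][-1] += raw[1:]
        else:
            attr, sep, value = raw.partition(":")
            if not sep or value[:1] in (":", "<"):
                raise ValueError("unsupported LDIF line: %r" % raw)
            rec = rec if rec is not None else defaultdict(list)
            last = attr.strip().lower()
            rec[last].append(value.strip())
    if rec:
        records.append(rec)
    return records


def split_dn(dn):
    """DN -> [(attr, value), ...]; backslash-escaped commas are not split on."""
    return [(a.strip().lower(), v.strip())
            for a, _, v in (r.partition("=") for r in re.split(r"(?<!\\),", dn))]


def normalise(records):
    """Reduce every entry record to {'map', 'key', 'value', 'key_attr'}, whatever
    naming schema it uses.  Map objects (automountMap, nisMap, ou) are skipped."""
    out = []
    for rec in records:
        classes = {c.lower() for c in rec.get("objectclass", [])}
        rdns = split_dn(rec.get("dn", [""])[0])
        for entry_oc, map_attr, key_attr, val_attr in SCHEMAS.values():
            if entry_oc not in classes or val_attr not in rec:
                continue
            map_name = rec.get(map_attr, [None])[0]
            if map_name is None and len(rdns) > 1 and rdns[1][0] == map_attr:
                map_name = rdns[1][1]
            if map_name is None:             # this schema does not fit; try the next
                continue
            key = rec.get(key_attr, [rdns[0][1]])[0]
            out.append({"map": map_name, "key": key, "value": rec[val_attr][0],
                        "key_attr": key_attr})
            break
    return out


def find_case_collisions(entries):
    """Keys in one map that differ only by case while stored in a case-insensitive
    attribute: LDAP treats them as one entry, so only one of them is retrievable."""
    seen = defaultdict(list)
    for e in entries:
        if e["key_attr"] in CASE_INSENSITIVE_KEYS:
            seen[(e["map"], e["key"].lower())].append(e["key"])
    return {k: v for k, v in seen.items() if len(v) > 1}


def build_maps(text):
    """Return ({map: {key: value}}, collisions) for an LDIF text."""
    entries = normalise(parse_ldif(text))
    maps = defaultdict(dict)
    for e in entries:
        maps[e["map"]][e["key"]] = e["value"]
    return dict(maps), find_case_collisions(entries)


# Constructed sample mixing the three schemas; not taken from a real directory.
SAMPLE_LDIF = """\
dn: automountKey=/home,automountMapName=auto.master,dc=example,dc=com
objectClass: automount
automountKey: /home
automountInformation: auto.home

dn: cn=user1,ou=auto.users,dc=mydom,dc=com
objectClass: automount
automountInformation: -rw,hard,intr host:/export/home/user1
cn: user1

dn: cn=test1,nisMapName=auto_test,dc=nishpind
objectClass: nisObject
nisMapName: auto_test
cn: test1
nisMapEntry:server1:/source

dn: cn=TEST1,nisMapName=auto_test,dc=nishpind
objectClass: nisObject
nisMapName: auto_test
cn: TEST1
nisMapEntry:server2:/source
"""

if __name__ == "__main__":
    maps, collisions = build_maps(SAMPLE_LDIF)
    print(maps, collisions, sep="\n")
```

Run against the sample, the script merges the three naming styles into the same map/key/value table and warns that test1 and TEST1 in auto_test collide, which is exactly the case the Limitations section describes; the same two names stored as automountKey under RFC2307bis would not be reported, because that attribute is treated as case-exact.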

nsswitch.conf#

The automounter source is selected in nsswitch.conf, since this configuration is NOT in LDAP (i.e. there is no /etc/auto.master file).
